WEBVTT
00:00:00.000 --> 00:00:02.025
>> Hey friends, you probably
know that you can use
00:00:02.025 --> 00:00:05.175
ARM templates to deploy
Azure resources as a group.
00:00:05.175 --> 00:00:06.630
But in most enterprises,
00:00:06.630 --> 00:00:09.210
this may lead to
these big monolithic templates
00:00:09.210 --> 00:00:10.725
and it adds a lot of complexity.
00:00:10.725 --> 00:00:12.120
Alex is here to show us how
00:00:12.120 --> 00:00:15.465
Azure Blueprints will enable
you to design and package
00:00:15.465 --> 00:00:17.520
entire Azure environments including
00:00:17.520 --> 00:00:19.110
your preferred policy and
00:00:19.110 --> 00:00:22.050
your role-based access assignments
today on Azure Friday.
00:00:22.050 --> 00:00:27.090
[MUSIC]
00:00:27.090 --> 00:00:28.140
>> Hey, I'm Scott Hanselman,
00:00:28.140 --> 00:00:29.160
and it's Azure Friday.
00:00:29.160 --> 00:00:30.510
I'm here with Alex Frankel
and we're going to
00:00:30.510 --> 00:00:32.305
talk about Azure Blueprints.
00:00:32.305 --> 00:00:33.845
Whatever it is, I love the name.
00:00:33.845 --> 00:00:35.690
>> Cool, that's good to hear.
00:00:35.690 --> 00:00:40.560
Basically, so if you think
about a large enterprise,
00:00:40.560 --> 00:00:44.340
they almost always have
a central cloud architecture team,
00:00:44.340 --> 00:00:46.560
center for cloud excellence,
all that sort of thing.
00:00:46.560 --> 00:00:48.500
They are the ones who
are responsible for
00:00:48.500 --> 00:00:50.930
educating all the different
application teams.
00:00:50.930 --> 00:00:52.400
It could be hundreds and hundreds of
00:00:52.400 --> 00:00:56.300
application teams on how to
consume Azure in the right way.
00:00:56.300 --> 00:00:57.740
What that has created is
00:00:57.740 --> 00:01:00.230
this bottleneck because
all these app teams need to
00:01:00.230 --> 00:01:02.210
consult with the central body to make
00:01:02.210 --> 00:01:04.250
sure they're consuming
the cloud in the right way,
00:01:04.250 --> 00:01:05.630
and so what we're trying to do with
00:01:05.630 --> 00:01:08.090
Blueprints is create
a really easy way to
00:01:08.090 --> 00:01:10.789
package all these different
infrastructure components
00:01:10.789 --> 00:01:12.810
together into a Blueprint,
00:01:12.810 --> 00:01:14.070
and then once it's in a blueprint,
00:01:14.070 --> 00:01:15.710
it makes it really easy to stamp
00:01:15.710 --> 00:01:18.170
out environments as
app teams need them.
00:01:18.170 --> 00:01:20.120
So, you can imagine like a Blueprint
00:01:20.120 --> 00:01:23.015
for a Dev environment or
a Sandbox environment.
00:01:23.015 --> 00:01:24.500
You can imagine a Blueprint for like
00:01:24.500 --> 00:01:26.930
a three tier application
really anything that you
00:01:26.930 --> 00:01:28.910
can imagine you can do in Azure that
00:01:28.910 --> 00:01:31.020
can be packaged into a Blueprint.
00:01:31.020 --> 00:01:33.185
>> Interesting because right
now in big enterprises what I
00:01:33.185 --> 00:01:35.675
see are a mess of PowerShell scripts.
00:01:35.675 --> 00:01:37.325
Everyone's got a different one.
00:01:37.325 --> 00:01:39.350
Everyone's got a Word
document somewhere.
00:01:39.350 --> 00:01:39.940
>> Exactly.
00:01:39.940 --> 00:01:42.335
>> Funny thing about Word
documents. They don't compile.
00:01:42.335 --> 00:01:42.920
>> Yeah.
00:01:42.920 --> 00:01:45.320
>> Right, and there's no way to
really risking validate the stuff.
00:01:45.320 --> 00:01:45.665
>> Yeah.
00:01:45.665 --> 00:01:46.100
>> Right?
00:01:46.100 --> 00:01:46.505
>> Yeah.
00:01:46.505 --> 00:01:49.190
>> Somehow Cloud Enterprise
Excellence Group
00:01:49.190 --> 00:01:50.870
sends you a vision diagram.
00:01:50.870 --> 00:01:51.110
>> Yes.
00:01:51.110 --> 00:01:52.145
>> It says make it like that.
00:01:52.145 --> 00:01:55.160
>> Yes exactly and it creates
this huge process of trial and
00:01:55.160 --> 00:01:56.690
error where they consult the doc
00:01:56.690 --> 00:01:58.610
and they try to make it and
it gets something wrong,
00:01:58.610 --> 00:02:00.470
they go back to
the cloud architecture team
00:02:00.470 --> 00:02:01.580
and they go through that loop,
00:02:01.580 --> 00:02:03.560
and we found that to go from
00:02:03.560 --> 00:02:06.020
zero to production
application in Azure,
00:02:06.020 --> 00:02:08.240
it can take anywhere from
like three to 12 months
00:02:08.240 --> 00:02:10.790
because they're going through
that painful process and they
00:02:10.790 --> 00:02:14.000
all have this custom effectively
custom orchestration system
00:02:14.000 --> 00:02:16.220
and each one is making
their own different things.
00:02:16.220 --> 00:02:17.870
>> So, this was great.
I've literally had
00:02:17.870 --> 00:02:19.160
these conversations with customers
00:02:19.160 --> 00:02:20.435
and with people
internally and I'm like,
00:02:20.435 --> 00:02:22.660
how come I can't go file new.
00:02:22.660 --> 00:02:24.780
My company's enterprise application?
00:02:24.780 --> 00:02:26.360
>> Exactly, and we saw
00:02:26.360 --> 00:02:27.560
all these large enterprises
00:02:27.560 --> 00:02:30.080
spending hundreds of
thousands of dollars and
00:02:30.080 --> 00:02:32.480
60 engineers to build effectively
00:02:32.480 --> 00:02:34.070
their own front end in front of
00:02:34.070 --> 00:02:36.200
Azure so that they could
do something like that.
00:02:36.200 --> 00:02:38.945
But that was all built
with custom code.
00:02:38.945 --> 00:02:40.790
All that PowerShell glue
that you were talking
00:02:40.790 --> 00:02:42.770
about and so this is taking all of
00:02:42.770 --> 00:02:45.800
that knowledge and
research and packaging it
00:02:45.800 --> 00:02:49.100
into this native concept
of a Blueprint in Azure.
00:02:49.100 --> 00:02:51.230
>> Okay. So, then coming from
00:02:51.230 --> 00:02:53.825
a place of ignorance how come
this isn't just ARM templates.
00:02:53.825 --> 00:02:55.985
I thought ARM templates were
going to solve everything.
00:02:55.985 --> 00:02:56.600
>> Yeah.
00:02:56.600 --> 00:02:58.430
>> Then with the creation of software
00:02:58.430 --> 00:03:01.070
based networking in VNets we
can all have our own network.
00:03:01.070 --> 00:03:02.255
There's nothing very sophisticated.
00:03:02.255 --> 00:03:04.700
Wasn't an ARM template
style knew my app.
00:03:04.700 --> 00:03:08.525
>> Yes. So, an ARM template
is really good at saying
00:03:08.525 --> 00:03:12.575
I want this resource to exist
this way in a declarative way,
00:03:12.575 --> 00:03:15.110
but where it starts to break
down is when you start
00:03:15.110 --> 00:03:17.455
composing these large environments,
00:03:17.455 --> 00:03:19.370
and there are certain ways to
00:03:19.370 --> 00:03:21.980
orchestrate larger
ARM templates together,
00:03:21.980 --> 00:03:23.930
but it becomes these
monoliths that are hard
00:03:23.930 --> 00:03:25.880
to debug and hard to
manage and that's
00:03:25.880 --> 00:03:28.445
when you see these
enterprises transition to
00:03:28.445 --> 00:03:30.230
a C# orchestration system or
00:03:30.230 --> 00:03:32.060
PowerShell orchestration system so
00:03:32.060 --> 00:03:33.730
they can keep their
ARM templates small,
00:03:33.730 --> 00:03:35.780
but have something to
tie it all together.
00:03:35.780 --> 00:03:37.910
But those all have
their own problems, and so,
00:03:37.910 --> 00:03:40.070
what we're really doing with
Blueprints is giving you a way to
00:03:40.070 --> 00:03:42.795
package ARM templates, policies,
00:03:42.795 --> 00:03:45.230
RBAC assignments into
this native thing in
00:03:45.230 --> 00:03:47.735
Azure and you'll see that
that helps with things like
00:03:47.735 --> 00:03:48.890
versioning and keeping
00:03:48.890 --> 00:03:50.720
those environments
up-to-date over time which
00:03:50.720 --> 00:03:53.660
is a huge challenge that people
don't have a good way of solving.
00:03:53.660 --> 00:03:54.860
>> Okay. That acronym.
00:03:54.860 --> 00:03:56.990
RBAC, of course,
role-based access control.
00:03:56.990 --> 00:04:00.020
So, I'm hearing you say that
Azure Blueprints is a superset
00:04:00.020 --> 00:04:03.125
or container for ARM templates
and other policy.
00:04:03.125 --> 00:04:03.800
>> Exactly.
00:04:03.800 --> 00:04:06.525
>> It is not a replacement
of. It's a bigger dam.
00:04:06.525 --> 00:04:07.800
>> Exactly, so, all the
00:04:07.800 --> 00:04:09.770
engineering in the world
that you've done to build up
00:04:09.770 --> 00:04:12.020
a repository of
really great ARM templates
00:04:12.020 --> 00:04:13.070
that feeds right into
00:04:13.070 --> 00:04:14.405
blueprints. You don't
need to change anything.
00:04:14.405 --> 00:04:14.900
>> I Love it.
00:04:14.900 --> 00:04:15.110
>> Yeah.
00:04:15.110 --> 00:04:17.925
>> I love it. All right.
Anyway so my diagram here.
00:04:17.925 --> 00:04:19.760
>> Yeah. So, this basically
just covered what
00:04:19.760 --> 00:04:21.590
we just talked about where you're
00:04:21.590 --> 00:04:24.170
composing this package
of RBAC, policy
00:04:24.170 --> 00:04:26.840
and ARM templates into a
Blueprint and once you have
00:04:26.840 --> 00:04:29.360
the Blueprint it becomes
super easy to scale out and
00:04:29.360 --> 00:04:32.360
stamp out those Blueprint
environments in
00:04:32.360 --> 00:04:34.520
many subscriptions or if you're in
00:04:34.520 --> 00:04:37.070
a shared environment in
a single subscription you can
00:04:37.070 --> 00:04:39.470
have Blueprints define
a few resource groups
00:04:39.470 --> 00:04:42.080
and stamp out those environments
within a single subscription.
00:04:42.080 --> 00:04:44.110
>> I assume that this
isn't production specific.
00:04:44.110 --> 00:04:45.350
It could be dev and test and get
00:04:45.350 --> 00:04:47.330
the staging load balancing for
00:04:47.330 --> 00:04:49.500
testing and doing some load testing.
00:04:49.500 --> 00:04:52.925
>> Exactly, and it can be parameterized
really everything that you
00:04:52.925 --> 00:04:54.380
want to be able to do in terms of
00:04:54.380 --> 00:04:57.005
deployment infrastructure to Azure.
It can be done in a Blueprint.
00:04:57.005 --> 00:05:00.140
>> This is a native thing.
This a Azure understands this thing.
00:05:00.140 --> 00:05:00.485
>> Yes.
00:05:00.485 --> 00:05:03.500
>> This isn't just Alex get
this wisdom. PowerShell script.
00:05:03.500 --> 00:05:05.030
>> Exactly, and that's
really the key.
00:05:05.030 --> 00:05:05.525
>> I love it.
00:05:05.525 --> 00:05:07.535
>> Cool. So, let's do a demo.
00:05:07.535 --> 00:05:08.940
>> Alright.
00:05:09.230 --> 00:05:13.100
>> So, this is the Getting
00:05:13.100 --> 00:05:16.190
Started page for Blueprints
and walk through
00:05:16.190 --> 00:05:17.600
some basic things like creating
00:05:17.600 --> 00:05:20.090
a Blueprint, assigning that Blueprint
to a subscription and then
00:05:20.090 --> 00:05:22.190
tracking the life-cycle
of that Blueprint over
00:05:22.190 --> 00:05:24.860
time, as well as some good documentation.
00:05:24.860 --> 00:05:26.585
The table of contents is
00:05:26.585 --> 00:05:28.790
super straightforward just
Blueprint definitions.
00:05:28.790 --> 00:05:30.170
What does this Blueprint do
00:05:30.170 --> 00:05:31.715
and Blueprint assignments
what's gonna,
00:05:31.715 --> 00:05:33.725
what's it gonna look like
when the Blueprint deploys.
00:05:33.725 --> 00:05:34.775
>> Okay.
00:05:34.775 --> 00:05:38.635
>> So, we'll start by creating
a Blueprint from scratch.
00:05:38.635 --> 00:05:42.725
When we do that I get
some simple templates
00:05:42.725 --> 00:05:44.740
here of things like common policies
00:05:44.740 --> 00:05:46.180
or resource groups with RBAC.
00:05:46.180 --> 00:05:49.630
These are just built-in Blueprints
to help you get started faster,
00:05:49.630 --> 00:05:52.645
but we're going to start with
a blank Blueprint template.
00:05:52.645 --> 00:05:54.790
I have to give the Blueprint a name.
00:05:54.790 --> 00:05:57.530
So, my new Blueprint.
00:05:57.530 --> 00:06:00.820
I can give it
a description if I'd like,
00:06:00.820 --> 00:06:02.620
but I'm gonna skip that
for now and then I
00:06:02.620 --> 00:06:04.870
need to put the blueprint
definition somewhere.
00:06:04.870 --> 00:06:07.810
So, you save
the Blueprint definitions at
00:06:07.810 --> 00:06:10.750
either a management group
scope or subscription scope.
00:06:10.750 --> 00:06:13.360
A management group if you
haven't played around with it
00:06:13.360 --> 00:06:16.210
yet is really just a grouping
concept for subscriptions.
00:06:16.210 --> 00:06:18.220
So, by placing the Blueprint above
00:06:18.220 --> 00:06:20.330
the subscription in
your Azure hierarchy,
00:06:20.330 --> 00:06:23.450
you can then assign that blueprint
to any child subscription.
00:06:23.450 --> 00:06:24.680
>> That makes sense. That's nice.
00:06:24.680 --> 00:06:26.690
I know I'm familiar of
course with ResourceGroup.
00:06:26.690 --> 00:06:28.460
This wouldn't be
an appropriate concept.
00:06:28.460 --> 00:06:29.930
I'm familiar subscriptions but if
00:06:29.930 --> 00:06:31.370
you're in a large
enterprise with hundreds
00:06:31.370 --> 00:06:34.140
of subscriptions you might want
to say that Developer Division.
00:06:34.140 --> 00:06:34.905
>> Exactly.
00:06:34.905 --> 00:06:35.895
>> The production people.
00:06:35.895 --> 00:06:38.090
>> Exactly. So, we'll pick
00:06:38.090 --> 00:06:41.090
a management group to save
this particular Blueprint.
00:06:41.090 --> 00:06:43.980
[MUSIC].
00:06:43.980 --> 00:06:46.050
Our favorite organization, Contoso,
00:06:46.050 --> 00:06:48.320
and when I get to the Artifacts
00:06:48.320 --> 00:06:50.525
section, this is really
the meat of what a Blueprint
00:06:50.525 --> 00:06:52.985
is. I can start adding as
many artifacts I need,
00:06:52.985 --> 00:06:54.785
as I need to this Blueprint.
00:06:54.785 --> 00:06:57.590
So, at the beginning I have
00:06:57.590 --> 00:07:00.290
only one spot to put
one of these artifacts,
00:07:00.290 --> 00:07:03.440
and when I click Add artifact
I get these options for
00:07:03.440 --> 00:07:05.060
policy assignment, role assignment,
00:07:05.060 --> 00:07:06.830
and ARM template or resource group.
00:07:06.830 --> 00:07:08.960
I can create many different
resource groups that I
00:07:08.960 --> 00:07:11.880
defined in the Blueprint.
So, we'll start there.
00:07:11.880 --> 00:07:14.150
Like I said,
00:07:14.150 --> 00:07:16.380
you can parameterize
pretty much anything in a Blueprint.
00:07:16.380 --> 00:07:18.930
So, I can choose to have
the resource group name or
00:07:18.930 --> 00:07:20.820
the location be hard-coded or
00:07:20.820 --> 00:07:22.860
I can have it be determined
at assignment time.
00:07:22.860 --> 00:07:24.120
That's what I'm going to do with
00:07:24.120 --> 00:07:25.865
this particular resource group name.
00:07:25.865 --> 00:07:27.640
But the location, I always want
00:07:27.640 --> 00:07:30.195
this particular environment
to be deployed in East US,
00:07:30.195 --> 00:07:32.660
so I'll hard-code that here.
00:07:33.170 --> 00:07:36.070
So now, we've just added
our first artifact
00:07:36.070 --> 00:07:37.940
to the Blueprint, and as you can see,
00:07:37.940 --> 00:07:39.890
I now have the option
to add an artifact
00:07:39.890 --> 00:07:41.970
to the subscription
like I just did or
00:07:41.970 --> 00:07:43.890
add an artifact within the context of
00:07:43.890 --> 00:07:46.320
my resource group and that's
what I'm going to do here.
00:07:46.320 --> 00:07:48.520
So, I'll click "Add artifact" again.
00:07:48.520 --> 00:07:52.440
I have a similar set of
options, policies, roles,
00:07:52.440 --> 00:07:54.180
and ARM templates,
but obviously I can't
00:07:54.180 --> 00:07:56.060
put a resource group inside
of a resource group.
00:07:56.060 --> 00:07:57.440
So, that's why that option went away.
00:07:57.440 --> 00:07:57.875
>> Okay.
00:07:57.875 --> 00:08:00.970
>> So, let's add an ARM template.
00:08:01.150 --> 00:08:05.115
We're going to add
a virtual network here,
00:08:05.115 --> 00:08:09.335
and I have a place where I can
copy and paste in my ARM template.
00:08:09.335 --> 00:08:12.280
Obviously, we're walking
through the UI right now,
00:08:12.280 --> 00:08:13.935
all of this can be modeled as code.
00:08:13.935 --> 00:08:15.220
So, you can keep all
of your Blueprint
00:08:15.220 --> 00:08:16.785
definitions in source control,
00:08:16.785 --> 00:08:19.050
push them into Azure when
you're ready and then you can
00:08:19.050 --> 00:08:21.290
start assigning those Blueprints
to your environments.
00:08:21.290 --> 00:08:24.655
>> Is the Blueprint, is a JSON file?
00:08:24.655 --> 00:08:26.445
>> Yeah, it's a set of JSON files,
00:08:26.445 --> 00:08:27.690
which is great because then you
00:08:27.690 --> 00:08:29.270
can manage the life cycle of each of
00:08:29.270 --> 00:08:31.090
your Artifacts independently and
00:08:31.090 --> 00:08:34.030
then bring them together in
a definition when you're ready.
00:08:34.030 --> 00:08:36.750
So I have my VNet template here.
00:08:36.750 --> 00:08:38.490
This is just a standard ARM template,
00:08:38.490 --> 00:08:40.940
there's nothing I did to make
it sort of blueprint specific.
00:08:40.940 --> 00:08:41.370
>> Okay.
00:08:41.370 --> 00:08:43.600
>> I'm just going to copy
and paste it in here.
00:08:43.600 --> 00:08:46.610
Click "Add", and now,
00:08:46.610 --> 00:08:50.340
I have my virtual network in
my resource group in my Blueprint.
00:08:50.340 --> 00:08:51.760
Again, there are parameters here,
00:08:51.760 --> 00:08:56.350
I can choose to hard-code any of
these values if I would like,
00:08:56.350 --> 00:08:58.335
but I'm going to leave these alone.
00:08:58.335 --> 00:09:00.040
I'll fill them out
at assignment time.
00:09:00.040 --> 00:09:02.385
But as you can see, there
are default values here.
00:09:02.385 --> 00:09:03.760
So, just like with ARM templates,
00:09:03.760 --> 00:09:06.200
if I have any default
values or allowed values,
00:09:06.200 --> 00:09:08.610
anything like that, that all
works with Blueprints as well.
00:09:08.610 --> 00:09:11.160
>> The UI, a compliment
to you, it's really nice.
00:09:11.160 --> 00:09:13.220
Once you saved it and
came back in, it's found
00:09:13.220 --> 00:09:15.290
those parameters and it goes
and sets it up very nicely.
00:09:15.290 --> 00:09:16.850
>> It actually found that
before I even saved.
00:09:16.850 --> 00:09:17.220
>> Did it really?
00:09:17.220 --> 00:09:17.420
>> Yeah.
00:09:17.420 --> 00:09:18.440
>> That's impressive.
00:09:18.440 --> 00:09:21.485
>> Yeah. I've got
a good team behind me.
00:09:21.485 --> 00:09:22.365
>> That's lovely.
00:09:22.365 --> 00:09:24.465
>> So we'll save this as draft.
00:09:24.465 --> 00:09:26.340
We save the Blueprint as a draft
00:09:26.340 --> 00:09:28.200
by default so that
you can continue to
00:09:28.200 --> 00:09:29.740
revise the Blueprint
before you're ready to
00:09:29.740 --> 00:09:32.230
publish it as a distinct version.
00:09:32.230 --> 00:09:34.920
The reason why we're very
careful about publishing is
00:09:34.920 --> 00:09:36.195
because we need to track
00:09:36.195 --> 00:09:37.960
where those Blueprints
have been assigned.
00:09:37.960 --> 00:09:39.935
So, if you turn around tomorrow
and say, "You know what,
00:09:39.935 --> 00:09:41.215
I need the security team to have
00:09:41.215 --> 00:09:42.970
owner access to this resource group."
00:09:42.970 --> 00:09:46.615
I can add it to the Blueprint
definition, update the assignment,
00:09:46.615 --> 00:09:49.400
and all my environments
will get updated because we
00:09:49.400 --> 00:09:50.570
understand what it looked like
00:09:50.570 --> 00:09:52.640
before and what it
needs to look like now,
00:09:52.640 --> 00:09:54.140
so we have a lot of
flexibility there.
00:09:54.140 --> 00:09:54.950
>> Wow. That's cool.
00:09:54.950 --> 00:09:57.970
>> Yeah. So, I'm going
to take my turkey
00:09:57.970 --> 00:09:59.200
out of the oven and go to a more
00:09:59.200 --> 00:10:01.300
advanced Blueprint that
I've been working on.
00:10:01.300 --> 00:10:04.150
This is to set up
a complete networking setup
00:10:04.150 --> 00:10:05.700
for a given application team.
00:10:05.700 --> 00:10:06.220
>> Okay.
00:10:06.220 --> 00:10:07.450
>> As you can see here, I have
00:10:07.450 --> 00:10:12.770
my AppNetwork resource group and
I also have four ARM templates.
00:10:12.770 --> 00:10:14.660
One for my VNet gateway,
00:10:14.660 --> 00:10:16.800
my VNet, my network security group,
00:10:16.800 --> 00:10:18.250
my public IP address,
00:10:18.250 --> 00:10:21.530
and you'll also see here that I
have the other types of artifacts.
00:10:21.530 --> 00:10:23.340
I have a policy here to apply
00:10:23.340 --> 00:10:25.330
default cost center tag
00:10:25.330 --> 00:10:27.375
to all the resources in
that resource group,
00:10:27.375 --> 00:10:29.170
and I have an RBAC
assignment to give
00:10:29.170 --> 00:10:31.285
contributor access to
that resource group.
00:10:31.285 --> 00:10:33.290
So, when I go through
the assignment process,
00:10:33.290 --> 00:10:34.630
I'll hand over access to
00:10:34.630 --> 00:10:37.650
the application team as part
of deploying the environment.
00:10:37.650 --> 00:10:40.330
So it's really just one click
and everything is good to go.
00:10:40.330 --> 00:10:41.680
>> Right, that right there,
00:10:41.680 --> 00:10:43.845
this screen really makes a lot
of sense because it shows you
00:10:43.845 --> 00:10:46.770
what lives within ARM
and what is outside of scope.
00:10:46.770 --> 00:10:47.060
>> Yeah.
00:10:47.060 --> 00:10:48.890
>> That now becomes part
of the larger Blueprint.
00:10:48.890 --> 00:10:50.760
>> Yeah, exactly. It
also makes it really
00:10:50.760 --> 00:10:53.155
good for consulting
with application teams.
00:10:53.155 --> 00:10:54.580
I know as the central team can say,
00:10:54.580 --> 00:10:56.390
"Hey, this is what
your Blueprint looks like.
00:10:56.390 --> 00:10:58.300
This is what's going to be
deployed in your environment."
00:10:58.300 --> 00:11:01.150
Instead of poring over
these monolithic JSON documents,
00:11:01.150 --> 00:11:04.140
it makes it really easy
to just look in the UI.
00:11:04.190 --> 00:11:09.425
So, now that we have
a Blueprint defined,
00:11:09.425 --> 00:11:10.890
let's go through and assign
00:11:10.890 --> 00:11:12.980
that Blueprint to
a particular subscription.
00:11:12.980 --> 00:11:13.280
>> Okay.
00:11:13.280 --> 00:11:15.845
>> So, I'm going to pull up
the assignment screen here.
00:11:15.845 --> 00:11:18.595
The first thing I need to
do is pick a subscription.
00:11:18.595 --> 00:11:20.735
So, I have a bunch of
subscriptions here.
00:11:20.735 --> 00:11:22.910
These are all the
subscriptions that live
00:11:22.910 --> 00:11:25.385
within that management group
where I saved the Blueprint.
00:11:25.385 --> 00:11:28.580
So only the eligible subscriptions
are showing up here.
00:11:28.580 --> 00:11:30.710
I can give the assignment name,
00:11:30.710 --> 00:11:32.430
I have to give
the Blueprint a location,
00:11:32.430 --> 00:11:34.380
and then here's where
that version comes in,
00:11:34.380 --> 00:11:36.270
if I want to assign
an older version I can do
00:11:36.270 --> 00:11:38.360
that but it defaults
to the latest version.
00:11:38.360 --> 00:11:39.910
>> Which is nice also to know that
00:11:39.910 --> 00:11:41.870
Blueprints are being
actively developed,
00:11:41.870 --> 00:11:43.430
but your investments in
00:11:43.430 --> 00:11:45.530
possibly existing Blueprints
are maintained.
00:11:45.530 --> 00:11:46.880
>> Exactly. So, there's all sorts of
00:11:46.880 --> 00:11:49.200
use cases for keeping
that old version around.
00:11:49.200 --> 00:11:51.140
So, it's not as if you've
published a new version
00:11:51.140 --> 00:11:53.320
and that old one goes away
and can't be used anymore.
00:11:53.320 --> 00:11:54.555
>> It makes sense.
00:11:54.555 --> 00:11:58.535
>> This feature of locking the
assignment is really interesting.
00:11:58.535 --> 00:12:00.870
So, today is a perfect example.
00:12:00.870 --> 00:12:03.895
You'll deploy a network
into a subscription,
00:12:03.895 --> 00:12:06.070
and you need to give
that application team owner
00:12:06.070 --> 00:12:07.560
access to that subscription, right?
00:12:07.560 --> 00:12:10.050
Because they need to give
access to more people,
00:12:10.050 --> 00:12:12.275
create more resources,
all those sorts of things.
00:12:12.275 --> 00:12:14.060
But that central team has
00:12:14.060 --> 00:12:16.065
that network configured
in a very particular way.
00:12:16.065 --> 00:12:18.730
They don't want you mucking
with IP addresses or
00:12:18.730 --> 00:12:19.810
anything like that because that can
00:12:19.810 --> 00:12:21.540
have really severe consequences.
00:12:21.540 --> 00:12:23.445
So by locking the assignment,
00:12:23.445 --> 00:12:26.765
it actually says
only the Blueprint definition
00:12:26.765 --> 00:12:29.350
can be responsible for
modifying these resources.
00:12:29.350 --> 00:12:31.370
Even if you're an owner
in the subscription,
00:12:31.370 --> 00:12:34.595
we've actually revoked
access from those people,
00:12:34.595 --> 00:12:35.960
so that really nothing can
00:12:35.960 --> 00:12:38.950
touch those resources
except for the Blueprints.
00:12:38.950 --> 00:12:41.980
So, you still have a full life cycle
around those resources,
00:12:41.980 --> 00:12:43.830
but you've removed access from
00:12:43.830 --> 00:12:45.935
any owners that you may not
want to tamper with it.
00:12:45.935 --> 00:12:48.360
>> How granular or
not granular is that,
00:12:48.360 --> 00:12:49.840
is that simply a binary thing?
00:12:49.840 --> 00:12:51.895
What if I want to change
this VM from medium to large?
00:12:51.895 --> 00:12:54.210
>> So today, it is binary.
00:12:54.210 --> 00:12:55.290
So by turning the lock on,
00:12:55.290 --> 00:12:58.055
you're locking all the
resources in a Blueprint.
00:12:58.055 --> 00:13:01.090
But we do have a lot of plans to
make that a lot more granular.
00:13:01.090 --> 00:13:02.220
To say, "You know what, I want
00:13:02.220 --> 00:13:04.125
this resource locked down completely,
00:13:04.125 --> 00:13:06.130
but this one I only want
to prevent deletion,
00:13:06.130 --> 00:13:07.470
but I want people to add to it."
00:13:07.470 --> 00:13:09.500
So you can imagine,
like a SQL database.
00:13:09.500 --> 00:13:11.680
You want to be able to spin
up a new database without
00:13:11.680 --> 00:13:14.130
messing with the core config
of the actual SQL Server.
00:13:14.130 --> 00:13:16.390
>> Exactly. Scale up and out seemed
like the first obvious [inaudible].
00:13:16.390 --> 00:13:17.405
>> Yeah, exactly.
00:13:17.405 --> 00:13:18.120
>> Cool.
00:13:18.120 --> 00:13:18.780
>> In progress.
00:13:18.780 --> 00:13:19.160
>> I dig it.
00:13:19.160 --> 00:13:21.010
>> Yeah, and then,
00:13:21.010 --> 00:13:22.910
now it's asking me for
all the different pieces of
00:13:22.910 --> 00:13:25.535
information that we
parameterized in the Blueprint.
00:13:25.535 --> 00:13:27.410
So, I have all my
resource names here.
00:13:27.410 --> 00:13:29.500
It's picking up the default values
from the template,
00:13:29.500 --> 00:13:31.415
so I don't need to touch anything.
00:13:31.415 --> 00:13:34.320
The resource group is
also parameterized.
00:13:34.320 --> 00:13:37.090
It's adding a parameter
00:13:37.090 --> 00:13:40.470
to that resource group name,
the location's hard-coded.
00:13:40.470 --> 00:13:41.990
I need to give access to
00:13:41.990 --> 00:13:44.500
somebody for this Blueprint
to be created.
00:13:44.500 --> 00:13:45.710
So, if you don't mind, I'll give
00:13:45.710 --> 00:13:47.295
you access to this resource group.
00:13:47.295 --> 00:13:50.570
>> [inaudible]. Do I exist?
00:13:50.570 --> 00:13:51.630
>> I think you exist.
00:13:51.630 --> 00:13:52.310
>> Am I a person?
00:13:52.310 --> 00:13:52.800
>> There you go.
00:13:52.800 --> 00:13:54.310
>> Oh, my goodness.
00:13:54.350 --> 00:13:57.360
>> That cost center tag,
00:13:57.360 --> 00:13:58.935
that we're adding to
all the resources,
00:13:58.935 --> 00:14:01.020
that's a defined set
of allowed values.
00:14:01.020 --> 00:14:03.420
So, it's really easy for me to
pick from a set that have already
00:14:03.420 --> 00:14:06.440
been approved by these
central architecture teams.
00:14:06.440 --> 00:14:08.660
The IP addresses have
all been defaulted,
00:14:08.660 --> 00:14:10.740
I can change this if I need to,
00:14:10.740 --> 00:14:13.370
and the VNet gateways
already configured as well.
00:14:13.370 --> 00:14:15.950
So, all I need to do is
click "Assign" here,
00:14:20.700 --> 00:14:24.775
and what this is doing, it's
kicking off the assignment process.
00:14:24.775 --> 00:14:27.295
So now, the assignment
process has started.
00:14:27.295 --> 00:14:28.520
So everything's working well,
00:14:28.520 --> 00:14:30.560
but it's in the process
of deploying, right?
00:14:30.560 --> 00:14:32.470
So let's look at what happens when
00:14:32.470 --> 00:14:35.510
this Blueprint is finished deploying.
00:14:35.510 --> 00:14:38.570
So, you can see here all the
deployed resources are listed here.
00:14:38.570 --> 00:14:40.080
These are all live links to
00:14:40.080 --> 00:14:41.480
the real resources that are really
00:14:41.480 --> 00:14:43.130
running and they're really locked.
00:14:43.130 --> 00:14:46.280
If I went in and tried to
delete an NSG or VNet here,
00:14:46.280 --> 00:14:47.870
I would get an error
saying, "You know what,
00:14:47.870 --> 00:14:50.160
you have access to these
resources normally,
00:14:50.160 --> 00:14:51.330
but there's a blueprint that's
00:14:51.330 --> 00:14:53.360
locking these resources
so you can't touch them."
00:14:53.360 --> 00:14:55.060
>> Wow. So you went
out throughout all of
00:14:55.060 --> 00:14:57.200
Azure to make sure that this
was baked into Azure itself.
00:14:57.200 --> 00:14:59.900
>> Oh yeah. It's a core part
of how RBAC works in Azure.
00:14:59.900 --> 00:15:00.950
We worked closely with
00:15:00.950 --> 00:15:02.750
the Identity Team to make
sure it worked really well.
00:15:02.750 --> 00:15:03.590
>> That's powerful stuff.
00:15:03.590 --> 00:15:04.485
>> Yeah, it really is.
00:15:04.485 --> 00:15:06.410
>> All right. So, I can do this now.
00:15:06.410 --> 00:15:08.410
This is in preview. Where do
I learn about Blueprints?
00:15:08.410 --> 00:15:12.955
>> So, you can go to this beautiful
collection of resources here.
00:15:12.955 --> 00:15:14.710
>> All right. Screenshot
this everybody.
00:15:14.710 --> 00:15:16.380
>> Yeah. So you have documentation,
00:15:16.380 --> 00:15:17.910
we have a deep dive video from Ignite
00:15:17.910 --> 00:15:19.450
that goes into way more detail,
00:15:19.450 --> 00:15:21.380
and then if you want to take
the next step of managing
00:15:21.380 --> 00:15:24.430
your Blueprints as code and
putting it in source control,
00:15:24.430 --> 00:15:26.390
you have a link for walking
you through that as well.
00:15:26.390 --> 00:15:27.230
>> All right. Awesome.
00:15:27.230 --> 00:15:27.430
>> Cool.
00:15:27.430 --> 00:15:29.650
>> What a fantastic resource
available to us.
00:15:29.650 --> 00:15:31.950
Azure Blueprints making
it easier to roll
00:15:31.950 --> 00:15:34.475
things out to your large enterprise
and your organization.
00:15:34.475 --> 00:15:36.954
I'm learning all about it
today on Azure Friday.
00:15:36.954 --> 00:15:43.103
[MUSIC]